New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
SSL Configuration for Apache in cPanel
Mahfuz_SS_EHL
Host Rep, Veteran
in Help
Hi,
I was curious to know about the thing in Title Properly. Though it's not so much needed but More Security, More Strong you are. I check SSL Certs with Qualys SSL Labs & GlobalSign SSL Checker because they report quiet briefly.
Qualys SSL Labs: https://www.ssllabs.com/ssltest/
GlobalSign SSL Checker:
https://sslcheck.globalsign.com/
Now, the fact is that I got My Server with A- Grade after doing much change in Apache Config.
So, anyone having vast knowledge in SSL, can elaborate all the changes we need to do.
So, we'll get a Good Tutorial to make it stronger.
Thanks for reading,
Mahfuz.
Comments
A- is not too bad, you know :-) https://www.ssllabs.com/ssltest/analyze.html?d=www.google.com&hideResults=on
I used to have A for my webserver, but some people with old browsers are not so happy...
I went for A+, screw anyone with an old browser.
https://cipherli.st/ and https://mozilla.github.io/server-side-tls/ssl-config-generator/
Are both helpful here. Of course going for A+ means you exclude some people that I dont feel need to be, i.e Any android before 4.4.
tl;dr; A-/A is good enough
Oh, I never checked them :-P But, I want to ensure A must. Don't know why A+ would make problems. Can anyone elaborate ??
I don't need the people usually who use IE 6/7 Or Mozilla less than v10.
An A+ rating requires that all vistors to your site have are using a MINIMUM of Firefox 27, Chrome 22, IE 11, Opera 14, Safari 7, Android 4.4, Java 8.
In the graph, kitkat is 4.4 and you would basically be banning every other device from your site.
The same for IE, of course its not a great browser but those who use it are usually the ones that dont update it.
With a business if they cant even see your site they cant give you their money, and they probably arent going to come back after a browser upgrade if they see SSL errors either.
Just my 2c though.
Now, I'm A+ (https://www.ssllabs.com/ssltest/analyze.html?d=manage.syncserve.net)
But, it shows that Things you said supports My Protocol i.e. IE 7/8/9 in Handshake Simulation.
Okay, I've researched over it & Gained Much Knowledge. I can write some important Notes which should be changed in order to get Good Encryption & To be supported in Mostly Used Devices / OS / Browsers. Will anybody be interested ?